AAD Cloud App Discovery enables IT to easily determine which cloud apps are in use in the organization. IT can then take steps to integrate the applications with Azure Active Directory.
With Cloud App Discovery, IT can:
Just go to the new Azure Portal and sign in with your Microsoft organizational account. Click here for a detailed walkthrough.
Currently the Cloud App Discovery endpoint agent can be installed on any Windows 7, 8, 8.1, or 10 machine. It can also be installed on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview 4.
After installing the agent on a machine where the user has been accessing applications, data typically shows up within 10 minutes in Cloud App Discovery. Remember that there must be some application access activity on the machine.
The agents capture URLs, headers and metadata for HTTP/HTTPS accesses originating from the machine. This allows the agent to capture requests to all cloud applications accessed over HTTP or HTTPS. The agent also captures the username of the user on the machine.
The agent captures all HTTP/HTTPS traffic originating from the machine, regardless of whether it comes from a browser or another application.
Yes. The Cloud App Discovery endpoint agent doesn’t distinguish between private and non-private modes.
Currently the Cloud App Discovery endpoint agent only captures applications that are accessed over HTTP/HTTPS. Some rich client applications use other protocols to talk to cloud applications. In such cases, these cloud applications will not be discovered.
Every access to an application’s site typically includes multiple requests to the site to retrieve different parts of the web page (images, icons, etc.). For example, when viewing http://www.msn.com your browser will actually make dozens of additional web requests for content like pictures, social plugins and other resources. See the snapshot below. For known applications in the database, the Cloud App Discovery service includes an optimization that counts each webpage load only once, so that accesses to the individual elements of the webpage are not counted separately.
However, this is an area we’re looking to make improvements on so we can weed out the ‘noise’ from these incidental accesses.
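To see why raw request counts overstate usage, here is an added example (not Microsoft's code and not the service's actual algorithm) that compares a naive per-request count with a time-window collapse into page loads. The catalogue, the 30-second window, the `*.example` hosts and the request records are all constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed catalogue: host suffix -> app name (assumption, not the service's database).
APP_CATALOGUE = {"msn.com": "MSN", "msn-static.example": "MSN", "files.example": "ExampleFiles"}
WINDOW_SECONDS = 30  # assumed: requests closer together than this belong to one page load

# Constructed agent-style records: (epoch seconds, username, requested URL).
SAMPLE_REQUESTS = [
    (1000, "alice", "http://www.msn.com/"),
    (1001, "alice", "http://img.msn-static.example/hero.jpg"),
    (1001, "alice", "http://www.msn.com/favicon.ico"),
    (1003, "alice", "https://unknown-tracker.example/pixel.gif"),
    (1005, "bob", "http://www.msn.com/"),
    (1200, "alice", "http://www.msn.com/news"),
    (1201, "alice", "http://img.msn-static.example/news.css"),
    (1300, "bob", "https://files.example/upload"),
]

def app_for(url):
    """Map a URL to a catalogued app by host suffix; None if the host is unknown."""
    host = (urlsplit(url).hostname or "").lower()
    for suffix, app in APP_CATALOGUE.items():
        if host == suffix or host.endswith("." + suffix):
            return app
    return None

def raw_counts(requests):
    """Naive count: every request to a known app is one access."""
    counts = defaultdict(int)
    for _, user, url in requests:
        app = app_for(url)
        if app:
            counts[(user, app)] += 1
    return dict(counts)

def page_load_counts(requests, window=WINDOW_SECONDS):
    """Count a new access only if the user has not hit the same app within `window` seconds."""
    counts, last_seen = defaultdict(int), {}
    for ts, user, url in sorted(requests):
        app = app_for(url)
        if app is None:
            continue  # hosts outside the catalogue cannot be attributed to an app
        key = (user, app)
        if key not in last_seen or ts - last_seen[key] > window:
            counts[key] += 1
        last_seen[key] = ts  # sliding window: a long burst stays one access
    return dict(counts)
```

On the constructed records, alice's two visits to MSN produce five raw requests but two page loads, while the request to the uncatalogued host is attributed to no application.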
We’d love to hear from you about applications you’d like to see added to Azure Active Directory. You can suggest an application for pre-integration with AAD here.
Traffic collected by the Cloud App Discovery agent is sent securely to our service over an encrypted channel. The data in the service is only visible to admins of the tenant. Each tenant admin can only see the data for their own tenant, and no other tenant’s.
Currently the data is stored in Azure blob store in the United States. The Cloud App Discovery service will extend to support data storage in other locations before we GA. The Cloud App Discovery service does not support deleting the data today, but will add support for this soon.
If you want to stop the agent, you can launch services.msc and stop the ‘Microsoft Cloud App Discovery Endpoint Agent’ service. You can start it again later if you like. If you want to uninstall the agent, relaunch the MSI and click Uninstall.
You can view which users have accessed a cloud app by selecting the 'users discovered' tile on the application page. Click here for a detailed walkthrough.
You can configure Cloud App Discovery to route your data to your Azure Storage. Click here for a detailed walkthrough